Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Why Raise INVALID_APP_IDENTIFIER? #113

Open
big-c-note opened this issue Dec 3, 2024 · 10 comments
Open

Why Raise INVALID_APP_IDENTIFIER? #113

big-c-note opened this issue Dec 3, 2024 · 10 comments

Comments

@big-c-note
Copy link

The line under concern for this issue is: https://github.com/apple/app-store-server-library-python/blob/1202058ddf4eac67c66f3947827e042e9ae6eee1/appstoreserverlibrary/signed_data_verifier.py#L72C1-L73C83

The signed data verifier raises VerificationStatus.INVALID_APP_IDENTIFIER if the decoded transaction bundle id is not equal to the signed verifier bundle id.

Why raise this error? There are legitimate edge cases where we have No bundle id in the api response for that transaction id.

Does it make sense to allow None bundle id response?
@big-c-note
Copy link
Author

I would add a flag to say whether to be explicit on this or not. Because I would prefer the data even when the bundleId is None

@big-c-note
Copy link
Author

#114 As an example, if you like this or want to pass a flag, let me know and I can submit a PR

@alexanderjordanbaker
Copy link
Collaborator

alexanderjordanbaker commented Dec 3, 2024
edited
Loading

There are legitimate edge cases where we have No bundle id in the api response for that transaction id.

Could you provide more info on these cases? There are no legitimate cases I am aware of

@big-c-note
Copy link
Author

Hey @alexanderjordanbaker

I'm not speaking as if I know the reasons why the api can return a response without a bundleId

What I am saying is that we have about a one in a million edge case where I receive this error and the bundleId is None.

I look at the transactions and I personally would prefer having the data, even when the bundleId is None.

I don't see why this would raise any concern. The transaction looks legitimate otherwise, and I suppose a rare bug on Apple side?

@big-c-note
Copy link
Author

big-c-note commented Dec 3, 2024
edited
Loading

Is there any particular reason to throw that error when that data exists?

@alexanderjordanbaker
Copy link
Collaborator

@big-c-note If you have a recent example of that, would love to see it, could you file a ticket in Feedback Assistant (feedbackassistant.apple.com) and post the FB number here please

@big-c-note
Copy link
Author

These are old orders @alexanderjordanbaker

But happy to share. Can you help me to know what is a FB number?

@big-c-note
Copy link
Author

Oh disregard a feedback assistant number. Got it, will do tomorrow. Appreciate the curiosity!

@big-c-note
Copy link
Author

big-c-note commented Dec 3, 2024
edited
Loading

@alexanderjordanbaker FB16031317 (Some responses from transaction history v2 do not have a bundleId (set to None) )

Thank you

Also wanted to mention, I really like how the library is coded up, I've been taking notes! Learned a couple nice things about typing api responses

@big-c-note
Copy link
Author

That is not public correct?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@alexanderjordanbaker @big-c-note